Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Capt. Cautious (992854) writes "FOR MANAGEMENT
Inasmuch as I was not able to locate a means to contact the staff of Slashdot I am posting this here as it will be important to other professionals.
I am a licensed health care doctor. I also have an strong interest in Linux and computing and individual rights.In that I am a Doc, I have patient records on my computer and as such HIPAA has certain protection standards I must follow online. Among those javascript can not be used as it could potentially further expose patient data. Yes a closed intranet such as a hospital or large clinic is exempt so long as client machines or servers with pt. data (PMI) "Personal Medical Information" or any variant that would allow an outside intruder to commit ID theft. One can not access the internet unless 1) all PMI is encrypted (at least 128 moving towards 256bit)2) as of this year all PMI that is not the medical record itself must be similarly protected.E-mail to patients is usually prohibitive as encryption IS and other standards that are required.
Not being a programmer and only recently started learning Bash & HTML I can not speak to the efficacy nor security of javascript. Unfortunately many sites use javascript very indiscriminately,(yes I got toasted more than once, and had to reload the laptop.) If I provide my legal name the likelihood of problems is very high as I live and work in an unbelievably nosy University town. Please reconsider the current use of javascript. I would really hate to have to find a new tech oriented home page...
In Service & In Health,
Captain V. Cautious"

I haven't heard anything about JS restrictions, do you have documentation on this somewhere? When I visit hhs.gov (or google for "javascript site:.gov") the only things I see about javascript is how it should be turned on to best view the pages. In order for us to offer the advanced tools and technology as the web evolves javascript becomes a necessary tool (see http://slashdot.org/faq/UI.shtml#ui700 [slashdot.org] ). If you would really like a stripped down page you can log in, select the preferences icon in the upper

JS can't as far as I know access the local harddrive, so it should be safe enough for
most purposes. Cross scripting can be a problem with older browsers which had bugs allowing
JS from one domain to access another internet address. Most modern browser prevent this.
JS should be safe, by now, providing the browsers implementation is up to the mark.
Really though for safety you ought to have your patient records on a different computer to
the one you use to browse the web and do your other work with.